Automatic Recovery After Array Failover
Active Directory and LDAP Enhancements
New Attributes for Configuring Windows Applications
New Attributes for Application Load Balancing
32-Bit Color Support for Windows Applications
Architecture of the SGD Gateway
Application-Level Device Configuration
New Command for Securing an SGD Server
Pull-Down Header for Kiosk Mode Applications
Active Directory Authentication Log Filter
Active Directory SSL Security Without Client Certificates
Improved Clock Synchronization Reporting for Arrays
Citrix ICA Protocol Not Available for Windows Applications
Application Start Time Shown on the Webtop
User Session Idle Timeout Attribute
Web Page Security Improvements
Support for Arabic and Hebrew Keyboards
Input Method for UNIX Platform Applications
UNIX Audio and SGD Enhancement Module Version
Changes to Syslog Message Format
New Default PDF Printer Driver for Windows Applications
Changes to tarantella start and tarantella stop Commands
New Name for SGD Terminal Services Client
Secure SOAP Connections No Longer Required
Option to Resume Printing from My Desktop
Changes to the tarantella security enable Command
Support for Evince Document Viewer
New -remoteaudio Option For SGD Terminal Services Client
Administration Console Configuration Parameter for DNS Lookups
SGD Server Command-Line Changes
Changes to tarantella security start and tarantella security stop Commands
Changes to tarantella status Command
Enabling Secure Intra-Array Communication
Replacing an SGD Server Certificate
Performance Improvements for tarantella array Commands
This section describes the features that are new in the SGD version 4.50 release.
This section includes the following topics:
This release introduces the Oracle Secure Global Desktop Gateway (SGD Gateway).
The SGD Gateway is a proxy server designed to be deployed in front of an SGD array in a demilitarized zone (DMZ). This enables the SGD array to be located on the internal network of an organization. Additionally, all connections can be authenticated in the DMZ before any connections are made to the SGD servers in the array.
Using the SGD Gateway is an alternative to running your SGD servers with firewall traversal, also called firewall forwarding.
The SGD Gateway manages load balancing of Hypertext Transfer Protocol (HTTP) connections, so you do not need to use the JavaServer Pages (JSP) technology load balancing page included with SGD.
The SGD Gateway software is included with the SGD distribution.
Instructions on how to install, configure, and use the SGD Gateway are included in the Oracle Secure Global Desktop 4.6 Gateway Administration Guide. This document also includes details of supported platforms.
To install the SGD Gateway, click the Install the Oracle Secure Global Desktop Gateway link on the SGD web server Welcome Page and follow the instructions on the screen.
By default, the SGD Gateway is installed in the /opt/SUNWsgdg directory on the SGD Gateway host.
The SGD Gateway consists of the following components:
Routing proxy. A Java technology-based application that routes Adaptive Internet Protocol (AIP) data connections to an SGD server.
Keystores in the routing proxy contain the certificates and private keys used to secure connections for the SGD Gateway.
The routing proxy uses routing tokens to manage AIP connections. A routing token is a signed, encrypted message that identifies the origin and destination SGD server for a route.
Reverse proxy. An Apache web server, configured to operate in reverse proxy mode.
The reverse proxy also performs load balancing of HTTP connections.
See the Appendix A of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for more details about the architecture and features of the SGD Gateway.
New commands have been introduced for the SGD Gateway, as follows:
gateway – The gateway command is used to control and configure the SGD Gateway.
You run this command on the SGD Gateway host.
tarantella gateway – The tarantella gateway command is used to register gateways for use by an SGD array.
You run this command on the SGD array.
A new attribute, --security-gateway, configures which client connections to an SGD array use the SGD Gateway.
See Appendix B of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for more details about these command-line changes.
This release enables application-level device configuration. For Windows applications, SGD Administrators can configure CDM and printing settings.
CDM and printing configuration for Windows application objects overrides settings configured for user profile, organizational unit, and organization objects. The order of precedence is: Windows application -> user profile -> organizational unit -> organization.
For CDM on all platforms, the access rights for a mapped client drive are shown in brackets after the drive name: (rw) means read-write access, (ro) means read only access. For example, in Windows desktop sessions access rights are displayed in file save dialogs and in the My Computer window.
This release includes a new feature called array failover. When array failover is enabled for an SGD array, the array repairs itself automatically following the loss of the primary server.
In array failover, a secondary server in the array is upgraded automatically to become the primary server.
Array failover is disabled by default for an SGD array. To enable array failover for an SGD array, run the following command on any SGD server in the array:
$ tarantella config edit --array-failoverenabled 1
See the Oracle Secure Global Desktop 4.6 Administration Guide for more details about configuring array failover for an SGD array.
A new attribute SWM Local Window Hierarchy (--swmopts) for Windows applications has been introduced for compatibility with some Borland applications. The attribute is only effective for applications having a Window Type setting of Seamless Window. Use this attribute if you are having problems with minimizing and maximizing the application window from the task bar.
A corresponding command option -swmopts has been added for the SGD Terminal Services Client program, ttatsc.
This release includes support for the German language.
The webtop, the Administration Console, and the SGD Client are available in German. The documentation is not translated into German.
Novell eDirectory version 8.8 or later is now supported as an LDAP directory server.
By default, Novell eDirectory requires that all simple LDAP binds that contain a password must be encrypted. To use simple binds with a password for SGD, you must do either of the following:
Configure SGD to use secure connections to eDirectory by using ldaps:// Uniform Resource Locators (URLs)
Configure the LDAP group object in eDirectory and disable Transport Layer Security (TLS) for simple binds